How to install Search Guard 6.1.3 plugin for ES 6.1.3?

Raju Manikala

Feb 22, 2018, 2:58:54 AM
to Search Guard Community Forum
add-apt-repository ppa:webupd8team/java
apt-get update
apt-get install oracle-java8-installer -y

chmod +x elasticsearch-6.1.3.deb
dpkg -i /home/ubuntu/elasticsearch-6.1.3.deb

Changed elasticsearch.yml as follows
network.host: 0.0.0.0
http.port: 9200

update-rc.d elasticsearch defaults 95 10

service elasticsearch restart

I accessed ES at https://<hostname>:<HTTP port> and got the output below:
{
  "name" : "acvff",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "-Hqx5vMgSbaZdM4-hjzMEQ",
  "version" : {
    "number" : "6.1.3",
    "build_hash" : "601be4a",
    "build_date" : "2017-11-04T09:22:03.333Z",
    "build_snapshot" : false,
    "lucene_version" : "7.0.1",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
},
  "tagline" : "You Know, for Search"
   }

   
root@ip-10-0-0-248:/usr/share/elasticsearch# bin/elasticsearch-plugin install -b com.floragunn:search-guard-6:6.1.3-21.0
-> Downloading com.floragunn:search-guard-6:6.1.3-21.0 from maven central
[=================================================] 100%  
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@     WARNING: plugin requires additional permissions     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* java.io.FilePermission /proc/sys/net/core/somaxconn read
* java.lang.RuntimePermission accessClassInPackage.sun.misc
* java.lang.RuntimePermission accessClassInPackage.sun.nio.ch
* java.lang.RuntimePermission accessClassInPackage.sun.security.x509
* java.lang.RuntimePermission accessDeclaredMembers
* java.lang.RuntimePermission accessUserInformation
* java.lang.RuntimePermission getClassLoader
* java.lang.RuntimePermission loadLibrary.*
* java.lang.RuntimePermission setContextClassLoader
* java.lang.RuntimePermission shutdownHooks
* java.lang.reflect.ReflectPermission suppressAccessChecks
* java.net.NetPermission getNetworkInformation
* java.net.SocketPermission * connect,accept,resolve
* java.security.SecurityPermission getProperty.ssl.KeyManagerFactory.algorithm
* java.security.SecurityPermission insertProvider.BC
* java.security.SecurityPermission putProviderProperty.BC
* java.security.SecurityPermission setProperty.ocsp.enable
* java.util.PropertyPermission com.sun.security.enableCRLDP write
* java.util.PropertyPermission es.set.netty.runtime.available.processors write
* java.util.PropertyPermission java.security.debug write
* java.util.PropertyPermission java.security.krb5.conf write
* java.util.PropertyPermission javax.security.auth.useSubjectCredsOnly write
* java.util.PropertyPermission jdk.tls.rejectClientInitiatedRenegotiation write
* java.util.PropertyPermission sun.nio.ch.bugLevel write
* java.util.PropertyPermission sun.security.krb5.debug write
* java.util.PropertyPermission sun.security.spnego.debug write
* javax.security.auth.AuthPermission doAs
* javax.security.auth.AuthPermission modifyPrivateCredentials
* javax.security.auth.kerberos.ServicePermission * accept
for descriptions of what these permissions allow and the associated risks.
-> Installed search-guard-6
root@ip-10-0-0-248:/usr/share/elasticsearch# cd plugins/search-guard-6/tools/
root@ip-10-0-0-248:/usr/share/elasticsearch/plugins/search-guard-6/tools# ls
hash.bat  hash.sh  install_demo_configuration.sh  sgadmin.bat  sgadmin.sh
root@ip-10-0-0-248:/usr/share/elasticsearch/plugins/search-guard-6/tools# ./install_demo_configuration.sh
bash: ./install_demo_configuration.sh: Permission denied
root@ip-10-0-0-248:/usr/share/elasticsearch/plugins/search-guard-6/tools# chmod +x install_demo_configuration.sh
root@ip-10-0-0-248:/usr/share/elasticsearch/plugins/search-guard-6/tools# ls
hash.bat  hash.sh  install_demo_configuration.sh  sgadmin.bat  sgadmin.sh
root@ip-10-0-0-248:/usr/share/elasticsearch/plugins/search-guard-6/tools# ./install_demo_configuration.sh
Search Guard 6 Demo Installer
 ** Warning: Do not use on production or public reachable systems **
Install demo certificates? [y/N] y
Initialize Search Guard? [y/N] y
Cluster mode requires maybe additional setup of:
  - Virtual memory (vm.max_map_count)

Enable cluster mode? [y/N] y
Basedir: /usr/share/elasticsearch
This script maybe require your root password for 'sudo' privileges
Elasticsearch install type: rpm/deb on DISTRIB_ID=Ubuntu
Elasticsearch config dir: /etc/elasticsearch
Elasticsearch config file: /etc/elasticsearch/elasticsearch.yml
Elasticsearch bin dir: /usr/share/elasticsearch/bin
Elasticsearch plugins dir: /usr/share/elasticsearch/plugins
Elasticsearch lib dir: /usr/share/elasticsearch/lib
Detected Elasticsearch Version: cli-6.1.3
Detected Search Guard Version: 6.1.3-21.0

### Success
### Execute this script now on all your nodes and then start all nodes
### Search Guard will be automatically initialized.
### If you like to change the runtime configuration
### change the files in ../sgconfig and execute:
sudo /usr/share/elasticsearch/plugins/search-guard-6/tools/sgadmin.sh -cd /usr/share/elasticsearch/plugins/search-guard-6/sgconfig -icl -key /etc/elasticsearch/kirk-key.pem -cert /etc/elasticsearch/kirk.pem -cacert /etc/elasticsearch/root-ca.pem -nhnv
### or run ./sgadmin_demo.sh
### To use the Search Guard Configuration GUI see http://docs.search-guard.com/v6/configuration-gui
### To access your Search Guard secured cluster open https://<hostname>:<HTTP port> and log in with admin/admin.
### (Ignore the SSL certificate warning because we installed self-signed demo certificates)

root@ip-10-0-0-110:/usr/share/elasticsearch/plugins/search-guard-6/sgconfig# service elasticsearch restart
 * Stopping Elasticsearch Server                                                                                                                                 [ OK ]
 * Starting Elasticsearch Server                                                                                                                                 [ OK ]
root@ip-10-0-0-110:/usr/share/elasticsearch/plugins/search-guard-6/sgconfig# cd
root@ip-10-0-0-110:~# sudo /usr/share/elasticsearch/plugins/search-guard-6/tools/sgadmin.sh -cd /usr/share/elasticsearch/plugins/search-guard-6/sgconfig -icl -key /etc/elasticsearch/kirk-key.pem -cert /etc/elasticsearch/kirk.pem -cacert /etc/elasticsearch/root-ca.pem -nhnv
WARNING: JAVA_HOME not set, will use /usr/bin/java
Search Guard Admin v6
Will connect to localhost:9300 ... done
Elasticsearch Version: 6.1.3
Search Guard Version: 6.1.3-21.0
Connected as CN=kirk,OU=client,O=client,L=Test,C=DE
Contacting elasticsearch cluster 'elasticsearch' and wait for YELLOW clusterstate ...
Clustername: searchguard_demo
Clusterstate: YELLOW
Number of nodes: 1
Number of data nodes: 1
searchguard index already exists, so we do not need to create one.
INFO: searchguard index state is YELLOW, it seems you miss some replicas
Populate config from /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/
Will update 'sg/config' with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_config.yml
   FAIL: Configuration for 'config' failed because of java.lang.IllegalArgumentException: Rejecting mapping update to [searchguard] as the final mapping would have more than 1 type: [sg, doc]
Will update 'sg/roles' with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_roles.yml
   FAIL: Configuration for 'roles' failed because of java.lang.IllegalArgumentException: Rejecting mapping update to [searchguard] as the final mapping would have more than 1 type: [sg, doc]
Will update 'sg/rolesmapping' with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_roles_mapping.yml
   FAIL: Configuration for 'rolesmapping' failed because of java.lang.IllegalArgumentException: Rejecting mapping update to [searchguard] as the final mapping would have more than 1 type: [sg, doc]
Will update 'sg/internalusers' with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_internal_users.yml
   FAIL: Configuration for 'internalusers' failed because of java.lang.IllegalArgumentException: Rejecting mapping update to [searchguard] as the final mapping would have more than 1 type: [sg, doc]
Will update 'sg/actiongroups' with /usr/share/elasticsearch/plugins/search-guard-6/sgconfig/sg_action_groups.yml
   FAIL: Configuration for 'actiongroups' failed because of java.lang.IllegalArgumentException: Rejecting mapping update to [searchguard] as the final mapping would have more than 1 type: [sg, doc]
FAIL: Expected 1 nodes to return response, but got only 0
Done with failures


I got the error below:

Search Guard not initialized (SG11). See http://docs.search-guard.com/v6/sgadmin

SG

Feb 22, 2018, 7:57:02 AM
to search...@googlegroups.com
Can you please file a GitHub issue for that?
